| The popularization of software has brought people much convenience and changed our life at same time. But there are lots of errors hided in software, which will cause vulnerabilities or security hole in system and bring huge risks. Now many institutes and companies pay more attention to finding methods to avoid software errors. The paper analyzes the buffer overflow, the most dangerous kind of errors in software. Promotes a method for finding software buffer overflow based on former buffer overflow finding models, which improves exactness on original static buffer overflow analysis .First, the paper points out that the buffer overflow is most dangerous security hole of software, expounds background and studies of this field, and shows the advantages and disadvantages of original static and dynamic buffer overflow analysis method. Then we brings a new buffer overflow analysis method, which comes from static analysis method that make use of Wagner's analysis method to improve it exactness and performance, so it can conveniently find buffer overflow of program source-code. Following the method, we finish a complete design of buffer overflow finding system. It includes the functions framework, modules design and partition and development kit of system.The system is discussed by experiment, to find vulnerability or security hole in source code of test and actual project. And we give out a conclusion of the experiment. At last, we analyze the method of buffer overflow finding and give out the conclusion. |
PDF Full Text Request